<?php
session_start();
include "library.php";

//If user has not logged in, redirect to login page

if(!isset($_SESSION["username"])){
	header("Location:login.php");
}

//If user presses logout button, close session and redirect

if(isset($_POST["logout"])){	
	session_unset();
	session_destroy();
	header("Location:home.php");
}


$pwdb = connectSQLServer("wendlc_teamsci","sdd","");
mysql_select_db("wendlc_TeamSci");

//If user is admin, redirect to members page

if($_SESSION["position"] == 1){ //Admin not allowed to use this function
	header("Location:members.php");
}

//Print header
print_header($_SESSION["position"], 7);

?>
<html>
 <head>
  <title></title>
 </head>
  <body>
	Enter keywords to search for.<BR>(Leave blank to see all entries)<BR><BR>
	<form method = 'post'>
	<input type = "text" name = "searchFor" value = "" MAXLENGTH = 300/><br /><BR/>
	<input type = 'submit' name = 'add1' value = 'Submit' /><br />
	</form>
  </body>
</html>

<?php

//If user presses submit

if(isset($_POST["add1"])){
  
  //Perform two queries. First on file names then on tags
	
  $queryName = sprintf("SELECT * FROM Files WHERE Name LIKE '%s' OR Tag LIKE '%s' ORDER BY Time DESC",
	mysql_real_escape_string("%".stripslashes(htmlspecialchars($_POST["searchFor"]))."%",$pwdb),
	mysql_real_escape_string("%".stripslashes(htmlspecialchars($_POST["searchFor"]))."%",$pwdb));
  $qName = dbquery($queryName);

  //Now display all of the information to the user with links
	
  echo "<table id = \"filetable\"><tr><th>File Name</th><th>Tags</th><th>Details Page</th></tr>";
	
  //While three are files to display, display
  
  while($resultsName = mysql_fetch_object($qName)){
    echo "<tr><td width = 300>".$resultsName->Name."</td><td width = 200>".$resultsName->Tag."</td><td><a href=\"/TEAMSCI/DetailView.php/?file_name=".$resultsName->Name."\">Link</a></td></tr>";
  }
  echo "</table>";
}
print_footer();
?>